npm - @strapi/plugin-users-permissions - Versions diffs - 4.0.0-next.9 → 4.0.3 - Mend

@strapi/plugin-users-permissions 4.0.0-next.9 → 4.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/admin/src/components/BoundRoute/getMethodColor.js +41 -0
package/admin/src/components/BoundRoute/index.js +40 -24
package/admin/src/components/FormModal/Input/index.js +121 -0
package/admin/src/components/FormModal/index.js +123 -0
package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +19 -26
package/admin/src/components/Permissions/PermissionRow/SubCategory.js +118 -0
package/admin/src/components/Permissions/PermissionRow/index.js +9 -48
package/admin/src/components/Permissions/index.js +36 -24
package/admin/src/components/Permissions/init.js +1 -6
package/admin/src/components/Policies/index.js +46 -47
package/admin/src/components/UsersPermissions/index.js +29 -26
package/admin/src/components/UsersPermissions/init.js +1 -2
package/admin/src/hooks/useFetchRole/index.js +17 -7
package/admin/src/hooks/useForm/index.js +3 -29
package/admin/src/hooks/useForm/reducer.js +2 -21
package/admin/src/hooks/usePlugins/index.js +12 -21
package/admin/src/hooks/usePlugins/reducer.js +0 -3
package/admin/src/index.js +0 -8
package/admin/src/pages/AdvancedSettings/index.js +203 -193
package/admin/src/pages/AdvancedSettings/utils/api.js +13 -0
package/admin/src/pages/AdvancedSettings/utils/layout.js +96 -0
package/admin/src/pages/AdvancedSettings/utils/schema.js +21 -0
package/admin/src/pages/EmailTemplates/components/EmailForm.js +173 -0
package/admin/src/pages/EmailTemplates/components/EmailTable.js +116 -0
package/admin/src/pages/EmailTemplates/index.js +117 -197
package/admin/src/pages/EmailTemplates/utils/api.js +13 -0
package/admin/src/pages/Providers/index.js +206 -221
package/admin/src/pages/Providers/utils/api.js +21 -0
package/admin/src/pages/Providers/utils/forms.js +168 -126
package/admin/src/pages/Roles/CreatePage/index.js +155 -147
package/admin/src/pages/Roles/EditPage/index.js +162 -134
package/admin/src/pages/Roles/ListPage/components/TableBody.js +96 -0
package/admin/src/pages/Roles/ListPage/index.js +176 -156
package/admin/src/pages/Roles/ListPage/utils/api.js +28 -0
package/admin/src/translations/ar.json +0 -8
package/admin/src/translations/cs.json +0 -8
package/admin/src/translations/de.json +0 -8
package/admin/src/translations/dk.json +0 -8
package/admin/src/translations/en.json +33 -12
package/admin/src/translations/es.json +0 -8
package/admin/src/translations/fr.json +0 -8
package/admin/src/translations/id.json +0 -8
package/admin/src/translations/it.json +0 -8
package/admin/src/translations/ja.json +0 -8
package/admin/src/translations/ko.json +93 -54
package/admin/src/translations/ms.json +0 -8
package/admin/src/translations/nl.json +0 -8
package/admin/src/translations/pl.json +0 -8
package/admin/src/translations/pt-BR.json +0 -8
package/admin/src/translations/pt.json +0 -8
package/admin/src/translations/ru.json +0 -8
package/admin/src/translations/sk.json +0 -8
package/admin/src/translations/sv.json +0 -8
package/admin/src/translations/th.json +0 -8
package/admin/src/translations/tr.json +0 -8
package/admin/src/translations/uk.json +0 -8
package/admin/src/translations/vi.json +0 -8
package/admin/src/translations/zh-Hans.json +5 -14
package/admin/src/translations/zh.json +0 -8
package/admin/src/utils/axiosInstance.js +36 -0
package/admin/src/utils/formatPluginName.js +26 -0
package/admin/src/utils/index.js +1 -0
package/documentation/1.0.0/overrides/users-permissions-Role.json +6 -6
package/documentation/1.0.0/overrides/users-permissions-User.json +7 -7
package/jest.config.front.js +10 -0
package/package.json +36 -33
package/server/bootstrap/index.js +19 -21
package/server/config.js +3 -3
package/server/content-types/index.js +3 -3
package/server/content-types/permission/index.js +30 -3
package/server/content-types/role/index.js +47 -3
package/server/content-types/user/index.js +65 -4
package/server/controllers/auth.js +82 -245
package/server/controllers/content-manager-user.js +183 -0
package/server/controllers/index.js +12 -6
package/server/controllers/permissions.js +26 -0
package/server/controllers/role.js +77 -0
package/server/controllers/settings.js +85 -0
package/server/controllers/user.js +119 -45
package/server/controllers/validation/auth.js +29 -0
package/server/controllers/validation/user.js +38 -0
package/server/graphql/index.js +44 -0
package/server/graphql/mutations/auth/email-confirmation.js +39 -0
package/server/graphql/mutations/auth/forgot-password.js +38 -0
package/server/graphql/mutations/auth/login.js +38 -0
package/server/graphql/mutations/auth/register.js +39 -0
package/server/graphql/mutations/auth/reset-password.js +41 -0
package/server/graphql/mutations/crud/role/create-role.js +37 -0
package/server/graphql/mutations/crud/role/delete-role.js +28 -0
package/server/graphql/mutations/crud/role/update-role.js +38 -0
package/server/graphql/mutations/crud/user/create-user.js +48 -0
package/server/graphql/mutations/crud/user/delete-user.js +42 -0
package/server/graphql/mutations/crud/user/update-user.js +49 -0
package/server/graphql/mutations/index.js +42 -0
package/server/graphql/queries/index.js +13 -0
package/server/graphql/queries/me.js +17 -0
package/server/graphql/resolvers-configs.js +37 -0
package/server/graphql/types/create-role-payload.js +11 -0
package/server/graphql/types/delete-role-payload.js +11 -0
package/server/graphql/types/index.js +21 -0
package/server/graphql/types/login-input.js +13 -0
package/server/graphql/types/login-payload.js +12 -0
package/server/graphql/types/me-role.js +14 -0
package/server/graphql/types/me.js +16 -0
package/server/graphql/types/password-payload.js +11 -0
package/server/graphql/types/register-input.js +13 -0
package/server/graphql/types/update-role-payload.js +11 -0
package/server/graphql/utils.js +27 -0
package/server/index.js +21 -0
package/server/middlewares/index.js +2 -2
package/server/{policies → middlewares}/rateLimit.js +3 -7
package/server/register.js +11 -0
package/server/routes/admin/index.js +10 -0
package/server/routes/admin/permissions.js +20 -0
package/server/routes/admin/role.js +79 -0
package/server/routes/admin/settings.js +95 -0
package/server/routes/content-api/auth.js +73 -0
package/server/routes/content-api/index.js +11 -0
package/server/routes/content-api/permissions.js +9 -0
package/server/routes/content-api/role.js +29 -0
package/server/routes/content-api/user.js +61 -0
package/server/routes/index.js +4 -428
package/server/services/index.js +10 -8
package/server/services/jwt.js +9 -17
package/server/services/providers.js +32 -33
package/server/services/role.js +177 -0
package/server/services/user.js +23 -22
package/server/services/users-permissions.js +140 -338
package/server/strategies/users-permissions.js +123 -0
package/server/utils/index.d.ts +2 -0
package/strapi-admin.js +3 -0
package/strapi-server.js +1 -19
package/admin/src/assets/images/logo.svg +0 -1
package/admin/src/components/BaselineAlignement/index.js +0 -33
package/admin/src/components/Bloc/index.js +0 -10
package/admin/src/components/BoundRoute/Components.js +0 -78
package/admin/src/components/ContainerFluid/index.js +0 -13
package/admin/src/components/FormBloc/index.js +0 -61
package/admin/src/components/IntlInput/index.js +0 -38
package/admin/src/components/ListBaselineAlignment/index.js +0 -8
package/admin/src/components/ListRow/Components.js +0 -74
package/admin/src/components/ListRow/index.js +0 -35
package/admin/src/components/ModalForm/Wrapper.js +0 -12
package/admin/src/components/ModalForm/index.js +0 -59
package/admin/src/components/Permissions/ListWrapper.js +0 -9
package/admin/src/components/Permissions/PermissionRow/BaselineAlignment.js +0 -7
package/admin/src/components/Permissions/PermissionRow/RowStyle.js +0 -28
package/admin/src/components/Permissions/PermissionRow/SubCategory/ConditionsButtonWrapper.js +0 -13
package/admin/src/components/Permissions/PermissionRow/SubCategory/PolicyWrapper.js +0 -8
package/admin/src/components/Permissions/PermissionRow/SubCategory/SubCategoryWrapper.js +0 -26
package/admin/src/components/Permissions/PermissionRow/SubCategory/index.js +0 -116
package/admin/src/components/Policies/Components.js +0 -26
package/admin/src/components/PrefixedIcon/index.js +0 -27
package/admin/src/components/Roles/EmptyRole/BaselineAlignment.js +0 -7
package/admin/src/components/Roles/EmptyRole/index.js +0 -27
package/admin/src/components/Roles/RoleListWrapper/index.js +0 -17
package/admin/src/components/Roles/RoleRow/RoleDescription.js +0 -9
package/admin/src/components/Roles/RoleRow/index.js +0 -45
package/admin/src/components/Roles/index.js +0 -3
package/admin/src/components/SizedInput/index.js +0 -24
package/admin/src/pages/AdvancedSettings/reducer.js +0 -65
package/admin/src/pages/AdvancedSettings/utils/form.js +0 -52
package/admin/src/pages/EmailTemplates/CustomTextInput.js +0 -105
package/admin/src/pages/EmailTemplates/Wrapper.js +0 -36
package/admin/src/pages/EmailTemplates/reducer.js +0 -58
package/admin/src/pages/EmailTemplates/utils/forms.js +0 -81
package/admin/src/pages/Roles/ListPage/BaselineAlignment.js +0 -8
package/server/content-types/permission/schema.json +0 -48
package/server/content-types/role/schema.json +0 -46
package/server/content-types/user/schema.json +0 -66
package/server/controllers/user/admin.js +0 -230
package/server/controllers/user/api.js +0 -174
package/server/controllers/users-permissions.js +0 -271
package/server/middlewares/users-permissions.js +0 -44
package/server/policies/index.js +0 -11
package/server/policies/isAuthenticated.js +0 -9
package/server/policies/permissions.js +0 -94
package/server/schema.graphql.js +0 -317

package/server/services/role.js ADDED Viewed

@@ -0,0 +1,177 @@
+'use strict';
+const _ = require('lodash');
+const { NotFoundError } = require('@strapi/utils').errors;
+const { getService } = require('../utils');
+module.exports = ({ strapi }) => ({
+  async createRole(params) {
+    if (!params.type) {
+      params.type = _.snakeCase(_.deburr(_.toLower(params.name)));
+    }
+    const role = await strapi
+      .query('plugin::users-permissions.role')
+      .create({ data: _.omit(params, ['users', 'permissions']) });
+    const createPromises = _.flatMap(params.permissions, (type, typeName) => {
+      return _.flatMap(type.controllers, (controller, controllerName) => {
+        return _.reduce(
+          controller,
+          (acc, action, actionName) => {
+            const { enabled /* policy */ } = action;
+            if (enabled) {
+              const actionID = `${typeName}.${controllerName}.${actionName}`;
+              acc.push(
+                strapi
+                  .query('plugin::users-permissions.permission')
+                  .create({ data: { action: actionID, role: role.id } })
+              );
+            }
+            return acc;
+          },
+          []
+        );
+      });
+    });
+    await Promise.all(createPromises);
+  },
+  async getRole(roleID) {
+    const role = await strapi
+      .query('plugin::users-permissions.role')
+      .findOne({ where: { id: roleID }, populate: ['permissions'] });
+    if (!role) {
+      throw new NotFoundError('Role not found');
+    }
+    const allActions = getService('users-permissions').getActions();
+    // Group by `type`.
+    role.permissions.forEach(permission => {
+      const [type, controller, action] = permission.action.split('.');
+      _.set(allActions, `${type}.controllers.${controller}.${action}`, {
+        enabled: true,
+        policy: '',
+      });
+    });
+    return {
+      ...role,
+      permissions: allActions,
+    };
+  },
+  async getRoles() {
+    const roles = await strapi.query('plugin::users-permissions.role').findMany({ sort: ['name'] });
+    for (const role of roles) {
+      role.nb_users = await strapi
+        .query('plugin::users-permissions.user')
+        .count({ where: { role: { id: role.id } } });
+    }
+    return roles;
+  },
+  async updateRole(roleID, data) {
+    const role = await strapi
+      .query('plugin::users-permissions.role')
+      .findOne({ where: { id: roleID }, populate: ['permissions'] });
+    if (!role) {
+      throw new NotFoundError('Role not found');
+    }
+    await strapi.query('plugin::users-permissions.role').update({
+      where: { id: roleID },
+      data: _.pick(data, ['name', 'description']),
+    });
+    const { permissions } = data;
+    const newActions = _.flatMap(permissions, (type, typeName) => {
+      return _.flatMap(type.controllers, (controller, controllerName) => {
+        return _.reduce(
+          controller,
+          (acc, action, actionName) => {
+            const { enabled /* policy */ } = action;
+            if (enabled) {
+              acc.push(`${typeName}.${controllerName}.${actionName}`);
+            }
+            return acc;
+          },
+          []
+        );
+      });
+    });
+    const oldActions = role.permissions.map(({ action }) => action);
+    const toDelete = role.permissions.reduce((acc, permission) => {
+      if (!newActions.includes(permission.action)) {
+        acc.push(permission);
+      }
+      return acc;
+    }, []);
+    const toCreate = newActions
+      .filter(action => !oldActions.includes(action))
+      .map(action => ({ action, role: role.id }));
+    await Promise.all(
+      toDelete.map(permission =>
+        strapi
+          .query('plugin::users-permissions.permission')
+          .delete({ where: { id: permission.id } })
+      )
+    );
+    await Promise.all(
+      toCreate.map(permissionInfo =>
+        strapi.query('plugin::users-permissions.permission').create({ data: permissionInfo })
+      )
+    );
+  },
+  async deleteRole(roleID, publicRoleID) {
+    const role = await strapi
+      .query('plugin::users-permissions.role')
+      .findOne({ where: { id: roleID }, populate: ['users', 'permissions'] });
+    if (!role) {
+      throw new NotFoundError('Role not found');
+    }
+    // Move users to guest role.
+    await Promise.all(
+      role.users.map(user => {
+        return strapi.query('plugin::users-permissions.user').update({
+          where: { id: user.id },
+          data: { role: publicRoleID },
+        });
+      })
+    );
+    // Remove permissions related to this role.
+    // TODO: use delete many
+    await Promise.all(
+      role.permissions.map(permission => {
+        return strapi.query('plugin::users-permissions.permission').delete({
+          where: { id: permission.id },
+        });
+      })
+    );
+    // Delete the role.
+    await strapi.query('plugin::users-permissions.role').delete({ where: { id: roleID } });
+  },
+});

package/server/services/user.js CHANGED Viewed

@@ -9,7 +9,7 @@
 const crypto = require('crypto');
 const bcrypt = require('bcryptjs');
-const { sanitizeEntity, getAbsoluteServerUrl } = require('@strapi/utils');
+const { getAbsoluteServerUrl, sanitize } = require('@strapi/utils');
 const { getService } = require('../utils');
 module.exports = ({ strapi }) => ({
@@ -45,16 +45,23 @@ module.exports = ({ strapi }) => ({
   /**
    * Promise to edit a/an user.
+   * @param {string} userId
+   * @param {object} params
    * @return {Promise}
    */
-  async edit(params, values) {
-    if (values.password) {
-      values.password = await getService('user').hashPassword(values);
+  async edit(userId, params = {}) {
+    if (params.password) {
+      params.password = await getService('user').hashPassword(params);
     }
-    return strapi
-      .query('plugin::users-permissions.user')
-      .update({ where: params, data: values, populate: ['role'] });
+    return strapi.entityService.update(
+      'plugin::users-permissions.user',
+      userId,
+      {
+        data: params,
+        populate: ['role']
+      }
+    );
   },
   /**
@@ -114,41 +121,35 @@ module.exports = ({ strapi }) => ({
     return strapi.query('plugin::users-permissions.user').delete({ where: params });
   },
-  async removeAll(params) {
-    return strapi.query('plugin::users-permissions.user').delete({ where: params });
-  },
   validatePassword(password, hash) {
     return bcrypt.compare(password, hash);
   },
   async sendConfirmationEmail(user) {
     const userPermissionService = getService('users-permissions');
-    const pluginStore = await strapi.store({
-      environment: '',
-      type: 'plugin',
-      name: 'users-permissions',
-    });
+    const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });
+    const userSchema = strapi.getModel('plugin::users-permissions.user');
     const settings = await pluginStore
       .get({ key: 'email' })
       .then(storeEmail => storeEmail['email_confirmation'].options);
-    const userInfo = sanitizeEntity(user, {
-      model: strapi.getModel('plugin::users-permissions.user'),
-    });
+    // Sanitize the template's user information
+    const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(userSchema, user);
     const confirmationToken = crypto.randomBytes(20).toString('hex');
-    await this.edit({ id: user.id }, { confirmationToken });
+    await this.edit(user.id, { confirmationToken });
     settings.message = await userPermissionService.template(settings.message, {
       URL: `${getAbsoluteServerUrl(strapi.config)}/auth/email-confirmation`,
-      USER: userInfo,
+      USER: sanitizedUserInfo,
       CODE: confirmationToken,
     });
-    settings.object = await userPermissionService.template(settings.object, { USER: userInfo });
+    settings.object = await userPermissionService.template(settings.object, {
+      USER: sanitizedUserInfo,
+    });
     // Send an email to the user.
     await strapi